132.148.157.66

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): GoDaddy.com LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	xmlrpc attack	2020-02-26 01:40:43
attack	Web App Attack	2020-02-05 03:19:58
attackbots	[munged]::443 132.148.157.66 - - [13/Oct/2019:22:31:37 +0200] "POST /[munged]: HTTP/1.1" 200 9118 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-10-14 05:06:16
attackspam	Automatic report - XMLRPC Attack	2019-10-11 00:59:38
attackbotsspam	WordPress wp-login brute force :: 132.148.157.66 0.048 BYPASS [25/Sep/2019:13:56:06 1000] [censored_2] "POST /wp-login.php HTTP/1.1" 200 4630 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-09-25 12:20:46
attackbotsspam	wp bruteforce	2019-09-03 08:50:12
attackbotsspam	windhundgang.de 132.148.157.66 \[29/Aug/2019:01:50:19 +0200\] "POST /wp-login.php HTTP/1.1" 200 8413 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" windhundgang.de 132.148.157.66 \[29/Aug/2019:01:50:20 +0200\] "POST /xmlrpc.php HTTP/1.1" 200 4219 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-08-29 11:43:12

相同子网IP讨论:

IP	类型	评论内容	时间
132.148.157.31	attackspambots	(mod_security) mod_security (id:225170) triggered by 132.148.157.31 (US/United States/ip-132-148-157-31.ip.secureserver.net): 5 in the last 300 secs	2020-04-28 16:47:22
132.148.157.29	attack	132.148.157.29 - - \[27/Apr/2020:06:30:41 +0200\] "POST /wp-login.php HTTP/1.0" 200 7050 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 132.148.157.29 - - \[27/Apr/2020:06:30:58 +0200\] "POST /wp-login.php HTTP/1.0" 200 7050 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 132.148.157.29 - - \[27/Apr/2020:06:31:00 +0200\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-04-27 12:56:25
132.148.157.166	attack	$f2bV_matches	2020-01-08 02:55:58

类型

评论内容

时间

132.148.157.31

attackspambots

(mod_security) mod_security (id:225170) triggered by 132.148.157.31 (US/United States/ip-132-148-157-31.ip.secureserver.net): 5 in the last 300 secs

2020-04-28 16:47:22

132.148.157.29

attack

132.148.157.29 - - \[27/Apr/2020:06:30:41 +0200\] "POST /wp-login.php HTTP/1.0" 200 7050 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
132.148.157.29 - - \[27/Apr/2020:06:30:58 +0200\] "POST /wp-login.php HTTP/1.0" 200 7050 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
132.148.157.29 - - \[27/Apr/2020:06:31:00 +0200\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"

2020-04-27 12:56:25

132.148.157.166

attack

$f2bV_matches

2020-01-08 02:55:58

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 132.148.157.66
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10584
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;132.148.157.66.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019082802 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Aug 29 11:43:06 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

66.157.148.132.in-addr.arpa domain name pointer ip-132-148-157-66.ip.secureserver.net.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
66.157.148.132.in-addr.arpa	name = ip-132-148-157-66.ip.secureserver.net.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
185.162.235.107	attack	SMTP blocked logins: 216. Dates: 26-11-2019 / 15-12-2019	2019-12-15 18:00:58
138.68.4.8	attack	Dec 15 07:21:51 MainVPS sshd[30034]: Invalid user olds from 138.68.4.8 port 56050 Dec 15 07:21:51 MainVPS sshd[30034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.4.8 Dec 15 07:21:51 MainVPS sshd[30034]: Invalid user olds from 138.68.4.8 port 56050 Dec 15 07:21:53 MainVPS sshd[30034]: Failed password for invalid user olds from 138.68.4.8 port 56050 ssh2 Dec 15 07:27:15 MainVPS sshd[8250]: Invalid user woodhull from 138.68.4.8 port 35326 ...	2019-12-15 18:03:44
213.172.151.127	attack	Unauthorized connection attempt detected from IP address 213.172.151.127 to port 139	2019-12-15 17:55:27
54.38.81.106	attack	Dec 15 09:16:47 mail sshd[21744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.81.106 user=mysql Dec 15 09:16:48 mail sshd[21744]: Failed password for mysql from 54.38.81.106 port 49678 ssh2 Dec 15 09:22:57 mail sshd[22511]: Invalid user guest from 54.38.81.106 Dec 15 09:22:57 mail sshd[22511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.81.106 Dec 15 09:22:57 mail sshd[22511]: Invalid user guest from 54.38.81.106 Dec 15 09:22:58 mail sshd[22511]: Failed password for invalid user guest from 54.38.81.106 port 43944 ssh2 ...	2019-12-15 17:54:05
106.12.36.42	attackspambots	Dec 15 10:49:56 vps647732 sshd[22682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.36.42 Dec 15 10:49:58 vps647732 sshd[22682]: Failed password for invalid user login from 106.12.36.42 port 51502 ssh2 ...	2019-12-15 17:53:08
196.15.211.91	attackspambots	$f2bV_matches	2019-12-15 17:57:59
185.176.27.170	attackspam	Dec 15 10:05:45 mail kernel: [7780846.212155] [UFW BLOCK] IN=eth0 OUT= MAC=fa:16:3e:d3:64:42:4c:5e:0c:c9:30:5f:08:00 SRC=185.176.27.170 DST=185.101.93.72 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=34900 PROTO=TCP SPT=45121 DPT=50540 WINDOW=1024 RES=0x00 SYN URGP=0 Dec 15 10:06:18 mail kernel: [7780880.153092] [UFW BLOCK] IN=eth0 OUT= MAC=fa:16:3e:d3:64:42:4c:5e:0c:c9:30:5f:08:00 SRC=185.176.27.170 DST=185.101.93.72 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=57827 PROTO=TCP SPT=45121 DPT=59830 WINDOW=1024 RES=0x00 SYN URGP=0 Dec 15 10:07:02 mail kernel: [7780924.053274] [UFW BLOCK] IN=eth0 OUT= MAC=fa:16:3e:d3:64:42:4c:5e:0c:c9:30:5f:08:00 SRC=185.176.27.170 DST=185.101.93.72 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=37990 PROTO=TCP SPT=45121 DPT=10704 WINDOW=1024 RES=0x00 SYN URGP=0 Dec 15 10:08:38 mail kernel: [7781020.082318] [UFW BLOCK] IN=eth0 OUT= MAC=fa:16:3e:d3:64:42:4c:5e:0c:c9:30:5f:08:00 SRC=185.176.27.170 DST=185.101.93.72 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=59722 PROTO=TCP SPT=45121 DPT=40581 WINDOW=1024 RES=0	2019-12-15 18:21:15
14.63.167.192	attackbots	Dec 15 09:44:06 MK-Soft-VM7 sshd[7970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.63.167.192 Dec 15 09:44:08 MK-Soft-VM7 sshd[7970]: Failed password for invalid user bozo from 14.63.167.192 port 51230 ssh2 ...	2019-12-15 18:16:42
159.203.81.28	attack	Dec 15 10:27:47 root sshd[1138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.81.28 Dec 15 10:27:49 root sshd[1138]: Failed password for invalid user chunok from 159.203.81.28 port 40517 ssh2 Dec 15 10:33:17 root sshd[1280]: Failed password for root from 159.203.81.28 port 43894 ssh2 ...	2019-12-15 17:48:36
81.101.253.42	attack	Dec 15 10:42:15 lnxded63 sshd[6614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.101.253.42	2019-12-15 17:42:43
84.1.30.70	attackbots	Dec 12 17:51:32 ahost sshd[17790]: Invalid user mckeone from 84.1.30.70 Dec 12 17:51:34 ahost sshd[17790]: Failed password for invalid user mckeone from 84.1.30.70 port 55072 ssh2 Dec 12 17:51:34 ahost sshd[17790]: Received disconnect from 84.1.30.70: 11: Bye Bye [preauth] Dec 12 18:08:59 ahost sshd[24356]: Invalid user ressner from 84.1.30.70 Dec 12 18:09:01 ahost sshd[24356]: Failed password for invalid user ressner from 84.1.30.70 port 47014 ssh2 Dec 12 18:09:01 ahost sshd[24356]: Received disconnect from 84.1.30.70: 11: Bye Bye [preauth] Dec 12 18:23:07 ahost sshd[25881]: Invalid user oa from 84.1.30.70 Dec 12 18:23:09 ahost sshd[25881]: Failed password for invalid user oa from 84.1.30.70 port 57440 ssh2 Dec 12 18:23:09 ahost sshd[25881]: Received disconnect from 84.1.30.70: 11: Bye Bye [preauth] Dec 12 18:37:02 ahost sshd[31494]: Invalid user hung from 84.1.30.70 Dec 12 18:37:03 ahost sshd[31494]: Failed password for invalid user hung from 84.1.30.70 port 39158 ssh2........ ------------------------------	2019-12-15 17:53:34
51.75.67.108	attackspam	Dec 15 11:08:46 localhost sshd\[27867\]: Invalid user finite from 51.75.67.108 port 46676 Dec 15 11:08:46 localhost sshd\[27867\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.67.108 Dec 15 11:08:48 localhost sshd\[27867\]: Failed password for invalid user finite from 51.75.67.108 port 46676 ssh2	2019-12-15 18:10:12
180.71.47.198	attackspambots	Dec 15 10:37:30 MK-Soft-VM3 sshd[15453]: Failed password for root from 180.71.47.198 port 52796 ssh2 ...	2019-12-15 17:56:22
192.241.220.228	attackspam	Dec 14 21:58:51 hpm sshd\[31065\]: Invalid user akamine from 192.241.220.228 Dec 14 21:58:51 hpm sshd\[31065\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.220.228 Dec 14 21:58:53 hpm sshd\[31065\]: Failed password for invalid user akamine from 192.241.220.228 port 50252 ssh2 Dec 14 22:04:19 hpm sshd\[31567\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.220.228 user=root Dec 14 22:04:21 hpm sshd\[31567\]: Failed password for root from 192.241.220.228 port 57190 ssh2	2019-12-15 18:02:10
81.177.98.52	attackbots	$f2bV_matches	2019-12-15 18:10:41

最近上报的IP列表

1.60.122.99	80.245.117.82	148.71.186.43	92.41.93.215
115.208.150.77	172.69.68.72	132.148.134.246	197.248.119.140
225.118.218.145	218.24.167.204	115.79.27.219	118.96.190.163
185.104.184.214	213.85.40.90	125.161.135.228	203.66.178.29
189.101.63.90	185.23.65.7	118.83.160.28	218.201.214.177